{ "threat_severity" : "Moderate", "public_date" : "2017-01-19T00:00:00Z", "bugzilla" : { "description" : "php: Wrong calculation in exif_convert_any_to_int function", "id" : "1419015", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1419015" }, "cvss3" : { "cvss3_base_score" : "5.3", "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status" : "verified" }, "cwe" : "CWE-682", "details" : [ "The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1.", "It was found that the exif_convert_any_to_int() function in PHP was vulnerable to floating point exceptions when parsing tags in image files. A remote attacker with the ability to upload a malicious image could crash PHP, causing a Denial of Service." ], "statement" : "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "affected_release" : [ { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date" : "2018-05-03T00:00:00Z", "advisory" : "RHSA-2018:1296", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el6", "package" : "rh-php70-php-0:7.0.27-1.el6" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date" : "2018-05-03T00:00:00Z", "advisory" : "RHSA-2018:1296", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el6", "package" : "rh-php70-php-0:7.0.27-1.el6" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date" : "2018-05-03T00:00:00Z", "advisory" : "RHSA-2018:1296", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-php70-php-0:7.0.27-1.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS", "release_date" : "2018-05-03T00:00:00Z", "advisory" : "RHSA-2018:1296", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-php70-php-0:7.0.27-1.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date" : "2018-05-03T00:00:00Z", "advisory" : "RHSA-2018:1296", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-php70-php-0:7.0.27-1.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date" : "2018-05-03T00:00:00Z", "advisory" : "RHSA-2018:1296", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-php70-php-0:7.0.27-1.el7" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Will not fix", "package_name" : "php", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Will not fix", "package_name" : "php53", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Will not fix", "package_name" : "php", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Will not fix", "package_name" : "php", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat OpenShift Enterprise 2", "fix_state" : "Will not fix", "package_name" : "php", "cpe" : "cpe:/a:redhat:openshift:2" }, { "product_name" : "Red Hat Software Collections", "fix_state" : "Will not fix", "package_name" : "rh-php56-php", "cpe" : "cpe:/a:redhat:rhel_software_collections:2" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-10158\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10158" ], "name" : "CVE-2016-10158", "csaw" : false }